Skip to content

Commit 776437c

Browse files
author
Aaron Hicks
committed
Update documentation for mod_shib
1 parent 318f5f6 commit 776437c

File tree

2 files changed

+27
-203
lines changed

2 files changed

+27
-203
lines changed

README.md

Lines changed: 27 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -113,8 +113,6 @@ A slightly more complicated example, changes the docroot owner/group from the de
113113
docroot_group => 'third',
114114
}
115115
```
116-
For details on using the Shibboleth module (a.k.a. `mod_shib`) see [the Shibboleth README](README.mod_shib.md)
117-
118116

119117
To set up a virtual host with SSL and default SSL certificates
120118

@@ -550,6 +548,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl
550548
* `rewrite`
551549
* `rpaf`*
552550
* `setenvif`
551+
* `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below)
553552
* `speling`
554553
* `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below)
555554
* `status`*
@@ -697,6 +696,12 @@ AddHandler php5-script .php
697696
AddType text/html .php',
698697
}
699698
```
699+
####Class: `apache::mod::shib`
700+
701+
Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
702+
703+
Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances.
704+
700705
####Class: `apache::mod::ssl`
701706

702707
Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults:
@@ -1706,6 +1711,26 @@ Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array
17061711
}
17071712
```
17081713

1714+
######`shib_request_setting`
1715+
1716+
Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
1717+
1718+
```puppet
1719+
apache::vhost { 'secure.example.net':
1720+
docroot => '/path/to/directory',
1721+
directories => [
1722+
{ path => '/path/to/directory',
1723+
shib_require_setting => 'requiresession 1',
1724+
shib_use_headers => 'On',
1725+
},
1726+
],
1727+
}
1728+
```
1729+
1730+
######`shib_use_headers`
1731+
1732+
When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
1733+
17091734
######`ssl_options`
17101735

17111736
String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost.

README.mod_shib.md

Lines changed: 0 additions & 201 deletions
This file was deleted.

0 commit comments

Comments
 (0)